CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
Inspirational journeys
Follow the stories of academics and their research expeditions
CISM—Certified Information Security Manager - Part 25
1. Which of the following should be included in an annual information security budget that is submitted for management approval?
A) A cost-benefit analysis of budgeted resources
B) All of the resources that are recommended by the business
C) Total cost of ownership (TCO)
D) Baseline comparisons
2. Which of the following is a benefit of information security governance?
A) Reduction of the potential for civil or legal liability
B) Questioning trust in vendor relationships
C) Increasing the risk of decisions based on incomplete management information
D) Direct involvement of senior management in developing control processes
3. Investment in security technology and processes should be based on:
A) clear alignment with the goals and objectives of the organization.
B) success cases that have been experienced in previous projects.
C) best business practices.
D) safeguards that are inherent in existing technology.
4. The data access requirements for an application should be determined by the:
A) legal department.
B) compliance officer.
C) information security manager.
D) business owner.
5. From an information security perspective, information that no longer supports the main purpose of the business should be:
A) analyzed under the retention policy.
B) protected under the information classification policy.
C) analyzed under the backup policy.
D) protected under the business impact analysis (BIA).
A) A cost-benefit analysis of budgeted resources
B) All of the resources that are recommended by the business
C) Total cost of ownership (TCO)
D) Baseline comparisons
2. Which of the following is a benefit of information security governance?
A) Reduction of the potential for civil or legal liability
B) Questioning trust in vendor relationships
C) Increasing the risk of decisions based on incomplete management information
D) Direct involvement of senior management in developing control processes
3. Investment in security technology and processes should be based on:
A) clear alignment with the goals and objectives of the organization.
B) success cases that have been experienced in previous projects.
C) best business practices.
D) safeguards that are inherent in existing technology.
4. The data access requirements for an application should be determined by the:
A) legal department.
B) compliance officer.
C) information security manager.
D) business owner.
5. From an information security perspective, information that no longer supports the main purpose of the business should be:
A) analyzed under the retention policy.
B) protected under the information classification policy.
C) analyzed under the backup policy.
D) protected under the business impact analysis (BIA).
1. Right Answer: A
Explanation: A brief explanation of the benefit of expenditures in the budget helps to convey the context of how the purchases that are being requested meet goals and objectives, which in turn helps build credibility for the information security function or program. Explanations of benefits also help engage senior management in the support of the information security program. While the budget should consider all inputs and recommendations that are received from the business, the budget that is ultimately submitted to management for approval should include only those elements that are intended for purchase. TCO may be requested by management and may be provided in an addendum to a given purchase request, but is not usually included in an annual budget. Baseline comparisons (cost comparisons with other companies or industries) may be useful in developing a budget or providing justification in an internal review for an individual purchase, but would not be included with a request for budget approval.
2. Right Answer: A
Explanation: Information security governance decreases the risk of civil or legal liability. The remaining answers are incorrect. Option D appears to be correct, but senior management would provide oversight and approval as opposed to direct involvement in developing control processes.
3. Right Answer: A
Explanation: Organization maturity level for the protection of information is a clear alignment with goals and objectives of the organization. Experience in previous projects is dependent upon other business models which may not be applicable to the current model. Best business practices may not be applicable to the organization's business needs. Safeguards inherent to existing technology are low cost but may not address all business needs and/or goals of the organization.
4. Right Answer: D
Explanation: Business owners are ultimately responsible for their applications. The legal department, compliance officer and information security manager all can advise, but do not have final responsibility.
5. Right Answer: A
Explanation: Option A is the type of analysis that will determine whether the organization is required to maintain the data for business, legal or regulatory reasons. Keeping data that are no longer required unnecessarily consumes resources, and, in the case of sensitive personal information, can increase the risk of data compromise.Options B. C and D are attributes that should be considered in the destruction and retention policy. A BIA could help determine that this information does not support the main objective of the business, but does not indicate the action to take.
Explanation: A brief explanation of the benefit of expenditures in the budget helps to convey the context of how the purchases that are being requested meet goals and objectives, which in turn helps build credibility for the information security function or program. Explanations of benefits also help engage senior management in the support of the information security program. While the budget should consider all inputs and recommendations that are received from the business, the budget that is ultimately submitted to management for approval should include only those elements that are intended for purchase. TCO may be requested by management and may be provided in an addendum to a given purchase request, but is not usually included in an annual budget. Baseline comparisons (cost comparisons with other companies or industries) may be useful in developing a budget or providing justification in an internal review for an individual purchase, but would not be included with a request for budget approval.
2. Right Answer: A
Explanation: Information security governance decreases the risk of civil or legal liability. The remaining answers are incorrect. Option D appears to be correct, but senior management would provide oversight and approval as opposed to direct involvement in developing control processes.
3. Right Answer: A
Explanation: Organization maturity level for the protection of information is a clear alignment with goals and objectives of the organization. Experience in previous projects is dependent upon other business models which may not be applicable to the current model. Best business practices may not be applicable to the organization's business needs. Safeguards inherent to existing technology are low cost but may not address all business needs and/or goals of the organization.
4. Right Answer: D
Explanation: Business owners are ultimately responsible for their applications. The legal department, compliance officer and information security manager all can advise, but do not have final responsibility.
5. Right Answer: A
Explanation: Option A is the type of analysis that will determine whether the organization is required to maintain the data for business, legal or regulatory reasons. Keeping data that are no longer required unnecessarily consumes resources, and, in the case of sensitive personal information, can increase the risk of data compromise.Options B. C and D are attributes that should be considered in the destruction and retention policy. A BIA could help determine that this information does not support the main objective of the business, but does not indicate the action to take.
Tags:
it certification certified it it exams isaca certification isaca cgeit isaca cisa isaca cism isaca cobit 5 isaca crisc isaca questions practice exams pratice quests risc maangement it management it questions isaca answers isaca practice isaca dumps isaca test test questions questins and answer explanation0 Comments
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
Leave a comment